From f15ffba7864c0a6f3cacb0c790401257f70b6207 Mon Sep 17 00:00:00 2001
From: Alexander Yastrebov <alexander.yastrebov@zalando.de>
Date: Tue, 7 May 2024 12:13:00 +0200
Subject: [PATCH] docs: clarify jwtMetrics opt-out logic (#3066)

Follow up on #3055

Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
---
 docs/reference/filters.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/reference/filters.md b/docs/reference/filters.md
index 457dc55b1c..d22546b95e 100644
--- a/docs/reference/filters.md
+++ b/docs/reference/filters.md
@@ -1560,7 +1560,7 @@ jwtValidation("https://login.microsoftonline.com/{tenantId}/v2.0")
 
 > This filter is experimental and may change in the future, please see tests for example usage.
 
-The filter parses (but does not validate) JWT token from `Authorization` request header on response path if status is not 4xx
+The filter parses (but does not validate) JWT token from `Authorization` request header on response path
 and increments the following counters:
 
 * `missing-token`: request does not have `Authorization` header
@@ -1577,6 +1577,8 @@ jwtMetrics.custom.GET.example_org.200.invalid-token
 
 and therefore requires approximately `count(HTTP methods) * count(Hosts) * count(Statuses) * 8` bytes of additional memory.
 
+The filter does nothing if response status is 4xx or route is opt-out via annotation or state bag value.
+
 The filter requires single string argument that is parsed as YAML.
 For convenience use [flow style format](https://yaml.org/spec/1.2.2/#chapter-7-flow-style-productions).